Diffstat (limited to 'suricata/update/configs/modify.conf')
-rw-r--r--suricata/update/configs/modify.conf24
1 files changed, 24 insertions, 0 deletions
diff --git a/suricata/update/configs/modify.conf b/suricata/update/configs/modify.conf
new file mode 100644
index 0000000..70bfb3e
--- /dev/null
+++ b/suricata/update/configs/modify.conf
@@ -0,0 +1,24 @@
+# suricata-update - modify.conf
+
+# Format: <sid> "<from>" "<to>"
+
+# Example changing the seconds for rule 2019401 to 3600.
+# 2019401 "seconds \d+" "seconds 3600"
+#
+# Example converting all alert rules to drop:
+# re:. ^alert drop
+#
+# Example converting all drop rules with noalert back to alert:
+# re:. "^drop(.*)noalert(.*)" "alert\\1noalert\\2"
+
+# Change all trojan-activity rules to drop. Its better to setup a
+# drop.conf for this, but this does show the use of back references.
+# re:classtype:trojan-activity "(alert)(.*)" "drop\\2"
+
+# For compatibility, most Oinkmaster modifysid lines should work as
+# well.
+# modifysid * "^drop(.*)noalert(.*)" | "alert${1}noalert${2}"
+
+# Add metadata.
+#metadata-add re:"SURICATA STREAM" "evebox-action" "archive"
+#metadata-add 2010646 "evebox-action" "archive" \ No newline at end of file
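Review bot: The `# Format:` line only describes the plain `<sid> "<from>" "<to>"` form, while the examples that follow also rely on a `re:<regex>` selector and a `metadata-add` directive that are never introduced, so a reader of this template has to guess the full grammar; a second format line such as `# Also: re:<regex> "<from>" "<to>"  and  metadata-add <sid|re:regex> "<key>" "<value>"` would cover what the examples actually use. The trojan-activity comment has a typo and a missing space, `# drop.conf for this, but this does show the use of back references.` reads fine but the preceding line should be `# Change all trojan-activity rules to drop. It's better to set up a`. The file also ends without a trailing newline, which some tools and diffs flag; appending one would avoid noise in the next change to this file. As far as the hunk shows, the rewrite examples themselves (`\\1`, `\\2`, `${1}`) look consistent with two capture groups each.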